CVE-2025-37954

In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn't consider it valid, and thinks it's newly-constructed. This leaks a dentry reference if the allocation occurs before the queued lease break work runs. Avoid the race by extending holding the cfid_list_lock across find_or_create_cached_dir and when the result is checked.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://git.kernel.org/stable/c/2407265dc32bc8cc45b62a612c2a214ba9038e8b	Patch
https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9	Patch
https://git.kernel.org/stable/c/3ca02e63edccb78ef3659bebc68579c7224a6ca2	Patch
https://git.kernel.org/stable/c/571dcf3d27b24800c171aea7b5e04ff06d10e2e9	Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc2::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc3::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc4::::::
	cpe:2.3:o:linux:linux_kernel:6.15:rc5::::::

History

14 Nov 2025, 17:03

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
CPE		cpe:2.3:o:linux:linux_kernel:6.15:rc4:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc5:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc2:::::: cpe:2.3:o:linux:linux_kernel:::::::: cpe:2.3:o:linux:linux_kernel:6.15:rc3:::::: cpe:2.3:o:linux:linux_kernel:6.15:rc1::::::
References	~~() https://git.kernel.org/stable/c/2407265dc32bc8cc45b62a612c2a214ba9038e8b -~~	() https://git.kernel.org/stable/c/2407265dc32bc8cc45b62a612c2a214ba9038e8b - Patch
References	~~() https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9 -~~	() https://git.kernel.org/stable/c/2ed98e89ebc2e1bc73534dc3c18cb7843a889ff9 - Patch
References	~~() https://git.kernel.org/stable/c/3ca02e63edccb78ef3659bebc68579c7224a6ca2 -~~	() https://git.kernel.org/stable/c/3ca02e63edccb78ef3659bebc68579c7224a6ca2 - Patch
References	~~() https://git.kernel.org/stable/c/571dcf3d27b24800c171aea7b5e04ff06d10e2e9 -~~	() https://git.kernel.org/stable/c/571dcf3d27b24800c171aea7b5e04ff06d10e2e9 - Patch
Summary		(es) En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: Evitar la competencia en open_cached_dir con interrupciones de arrendamiento. Un cfid válido preexistente devuelto desde find_or_create_cached_dir podría competir con una interrupción de arrendamiento, lo que significa que open_cached_dir no lo considera válido y cree que es de nueva construcción. Esto filtra una referencia de dentry si la asignación ocurre antes de que se ejecute el trabajo de interrupción de arrendamiento en cola. Evite la competencia extendiendo la retención de cfid_list_lock a través de find_or_create_cached_dir y cuando se comprueba el resultado.
First Time		Linux Linux linux Kernel
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5

20 May 2025, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-20 16:15

Updated : 2025-11-14 17:03

NVD link : CVE-2025-37954

Mitre link : CVE-2025-37954

CVE.ORG link : CVE-2025-37954

JSON object : View

Products Affected

linux

linux_kernel

CWE

NVD-CWE-noinfo

5.5 /10